Security firm exploits Chrome zero-day to hack browser, escape sandbox

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
French security company Vupen said today that it's figured out how to hack Google's Chrome by sidestepping not only the browser's built-in "sandbox" but also by evading Windows 7's integrated anti-exploit technologies.

"The exploit ... is one of the most sophisticated codes we have seen and created so far, as it bypasses all security features including ASLR/DEP/Sandbox," said Vupen in a blog post Monday. "It is silent (no crash after executing the payload), it relies on undisclosed ('zero-day') vulnerabilities and it works on all Windows systems."

Vupen posted a video demonstration of its exploit on YouTube.

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,503
Looks like Vupen will be getting a nice amount of cash from Google for figuring this out.

Cheers for sharing Jack.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Seems they figured it out and finally succeeded in exploiting the sandbox, which before that no one could attack.
 

HeffeD

Level 1
Feb 28, 2011
1,690
MrXidus said:
Looks like Vupen will be getting a nice amount of cash from Google for figuring this out.

No, because they don't plan on telling Google how they did it... :huh:

The Vupen researchers said they plan to share technical details of the exploit only with government customers “for defensive and offensive security.” Neither Google nor the public will be privy to the specifics.

 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
So finally Chrome was hacked... "good job" Vupen... the most impressive part is that this exploit runs silently without crashing the browser...
However, we should keep in mind that this is the very first time Chrome was hacked... this proves only one thing... Chrome, right now, is the most secure browser on the market...
As for the exploit... I've got a feeling that Google will manage to find out how these guys did it...
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
In the video from Vupen, it's just a quick hack: just a pasted link that was made by Vupen.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Google engineers claim that Chrome PWN bug is a Flash bug

Yesterday I reported that security firm VUPEN claimed to have a Google Chrome browser exploit that bypassed the browser’s sandbox and Windows ASLR and DEP security measures. Today Google engineers are claiming that the bug isn’t with Chrome itself but in the Flash player bundled with the browser.

Google security engineer Tavis Ormandy had this to say on Twitter:

"As usual, security journalists don't bother to fact check. VUPEN misunderstood how sandboxing worked in chrome, and only had a flash bug."

Side note: To be fair to security journalists, VUPEN doesn't give them much to go on, and only discloses details of the vulnerability to government organisations and 'paying' customers.

Another Google security engineer, Chris Evans, chimed in with this in a reply to another comment on Twitter:

"It's a legit pwn, but if it requires Flash, it's not a Chrome pwn. Do Java bugs count as a Chrome pwn too, because we support NPAPI?"

VUPEN, while being open to questions, isn’t answering questions related to the bug. VUPEN CEO Chaouki Bekrar became involved in the conversation with Google engineers on Twitter.

Judging by his responses, I think that it is fair to say that this is indeed a Flash bug and not a Chrome bug.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Seems like VUPEN managed to exploit a Flash bug (which comes integrated into Chrome)... and not, per se, a Chrome bug... this brings a surprising turn of events.
What do you think... is this Google security engineers defending their product, or did VUPEN make a mistake when they said... We pwned Chrome! :D
 

HeffeD

Level 1
Feb 28, 2011
1,690
The way I see it (and if I'm understanding it correctly), it doesn't really matter if it was a Flash exploit. If they were able to exploit Flash and get it to bypass the Chrome sandbox (which is an access rights type of sandbox), it's as good as a Chrome exploit. :rolleyes:

Say you install a new home alarm system, and start bragging to everyone you know about how secure all your valuables are now. Then a thief disables a door sensor and enters your home and steals your stuff. Wouldn't you feel a bit silly stating that they didn't really bypass your security system, all they did was bypass a door sensor? ;)

If they're in, that's all that matters. Passing the buck is a bit lame.
 

Tweak

New Member
Jan 8, 2011
274
I'm inclined to agree with HeffeD and say a breach is a breach, splitting hairs here is irrelevant.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well, what can we say, as Jack said Chrome was pwned, and only one security firm managed that. Google engineers must take action to tighten it so it will not be pwned again.
 

silviu_c

New Member
Feb 28, 2011
34
HeffeD said:
The way I see it (and if I'm understanding it correctly), it doesn't really matter if it was a Flash exploit. If they were able to exploit Flash and get it to bypass the Chrome sandbox (which is an access rights type of sandbox), it's as good as a Chrome exploit. :rolleyes:

Say you install a new home alarm system, and start bragging to everyone you know about how secure all your valuables are now. Then a thief disables a door sensor and enters your home and steals your stuff. Wouldn't you feel a bit silly stating that they didn't really bypass your security system, all they did was bypass a door sensor? ;)

If they're in, that's all that matters. Passing the buck is a bit lame.

If your alarm system only has the door sensor and no additional movement sensor backing up the door sensor, then you just got ripped off :p

Anyway I liked the fact that Google engineers knew what the problem was and I think it's fixed now since we just got a new update with a new version of flash player.

The rest is just a "mine is longer" contest between Vupen and Google.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
BoXX28 said:
Easy cash for Vupen, LOL

I don't think Vupen told Google how they managed to pwn Chrome... Google engineers most likely spent hours, if not days, investigating the incident.
Also, I bet that the Vupen staff spent a lot of time analyzing Chrome to find a hole in it ;P
Overall, like silviu_c said, it's good that Google engineers found out what the problem was and most likely fixed it.
 